“Bitcoin and Cryptocurrency Technologies” Online Course Summary (Lecture 5)
- These are my notes & summary for the course “Bitcoin and Cryptocurrency Technologies” on Coursera. The course material is very useful to gain a more technical understanding of Bitcoin and cryptocurrency in general.
- This is just a summary of the course content and PDF; it doesn’t compensate for watching the videos, and I posted it so that future students of this course may benefit from it.
- All images are courtesy of the instructors’ PDF published in the course resources.
Segment 5.1 (The task of Bitcoin miners) :
To be a Bitcoin miner there are six tasks to perform:
- 1. You listen for transactions on the network and validate them by checking the signatures and that the outputs being spent haven’t been spent before.
- 2. You must maintain the block chain. You start by requesting other nodes to give you all of the historical blocks that are already part of the block chain before you joined the network. You then listen for new blocks that are being broadcast to the network. You must validate each block that you receive — by validating each transaction in the block and checking that the block contains a valid nonce.
- 3. Once you have an up-to-date copy of the block chain, you begin building your own blocks. To do this, you group transactions that you heard about into a new block that extends the latest block you know about. You must make sure that each transaction included in your block is valid.
- 4. Find a nonce that makes your block valid. This step requires the most work, and it’s where all the difficulty really happens for the miners.
- 5. Hope your block is accepted. You have to hope that other miners accept your block and start mining on top of it, instead of some competitor’s block.
- 6. If all other miners do accept your block, then you profit! At the time of this writing in early 2015, the block reward is 25 bitcoins. In addition, if any of the transactions in the block contained transaction fees, the miner collects those too.
- We can classify the steps that a miner must take into two categories. Some tasks — validating transactions and blocks — help the Bitcoin network and are fundamental to its existence. These tasks are the reason that the Bitcoin protocol requires miners in the first place. Other tasks — the race to find blocks and profit — aren’t necessary for the Bitcoin network itself but are intended to incentivize miners to perform the essential steps.
Finding a valid block :
- The first thing that you do as a miner is assemble all the transactions that you have from your pending transaction pool into a Merkle tree. You then create a block with a header that points to the previous block. In the block header, there’s a 32-bit nonce field, and you keep trying different nonces looking for one that causes the block’s hash to be under the target.
- In most cases you’ll try every single possible 32-bit value for the nonce and none of them will produce a valid hash. At this point you’re going to have to make further changes. There’s an additional nonce in the coinbase transaction that you can change as well. After you’ve exhausted all possible nonces for the block header, you’ll change the extra nonce in the coinbase transaction — say by incrementing it by one — and then you’ll start searching nonces in the block header once again.
- When you change the nonce parameter in the coinbase transaction, the entire Merkle tree of transactions has to change. So the change of the coinbase nonce will propagate all the way up, and since you’ll have to update all the hashes, changing the extra nonce in the coinbase transaction is much more expensive than changing the nonce in the block header. For this reason, miners spend most of the time changing the nonce in the block header and only change the coinbase nonce when they have exhausted all of the 2³² nonces in the block header.
- As of March 2015, only about one in 2⁶⁷ nonces that you try will work. The mining difficulty changes every 2016 blocks. It is adjusted based on how efficient the miners were over the period of the previous 2016 blocks according to this formula:
next_difficulty = previous_difficulty * (2 weeks) / (time to mine last 2016 blocks).
- You can see that the number of seconds that elapse between consecutive blocks in the block chain gradually goes down, jumps up and then gradually goes down again. Of course what’s happening is that every 2016 blocks the difficulty resets and the average block time goes back up to about ten minutes. Over the next period the difficulty stays unchanged, but more and more miners come online. Since the hash power has increased but the difficulty has not, blocks are found more quickly until the difficulty is again adjusted after 2016 blocks, or about two weeks.
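The two-level search described above (header nonce first, coinbase extra nonce only when the header nonces run out) can be sketched as follows. This is an added example, not code from the course: the header layout is simplified to previous hash + Merkle root + nonce, and `coinbase_tx`, the sample transactions, the easy target and the shrunken `nonce_bits` are assumptions chosen so it finishes instantly.

```python
import hashlib
import struct

def dsha256(data: bytes) -> bytes:
    """Bitcoin hashes block headers and Merkle nodes with SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_root(txs):
    """Hash transactions pairwise up to one root; an odd node is paired with itself."""
    level = [dsha256(tx) for tx in txs]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def coinbase_tx(extra_nonce: int) -> bytes:
    # Constructed stand-in for a coinbase transaction carrying the extra nonce.
    return b"coinbase:pay-miner:" + struct.pack("<Q", extra_nonce)

def block_hash(prev_hash, pending_txs, extra_nonce, nonce) -> int:
    """Recompute a block's hash from scratch, as a validating node would."""
    root = merkle_root([coinbase_tx(extra_nonce)] + pending_txs)
    return int.from_bytes(dsha256(prev_hash + root + struct.pack("<I", nonce)), "big")

def mine(prev_hash, pending_txs, target, nonce_bits=32, max_extra=1 << 16):
    """Return (extra_nonce, nonce, hash, merkle_rebuilds) for the first hash below target."""
    rebuilds = 0
    for extra in range(max_extra):
        # Expensive step: a new coinbase changes every hash on its path to the root.
        root = merkle_root([coinbase_tx(extra)] + pending_txs)
        rebuilds += 1
        prefix = prev_hash + root
        for nonce in range(1 << nonce_bits):
            # Cheap step: only the header is rehashed for each header nonce.
            h = int.from_bytes(dsha256(prefix + struct.pack("<I", nonce)), "big")
            if h < target:
                return extra, nonce, h, rebuilds
    raise RuntimeError("no valid block in the searched space")

if __name__ == "__main__":
    prev = bytes(32)                       # constructed previous-block hash
    txs = [b"tx-a", b"tx-b", b"tx-c"]      # constructed pending transactions
    target = 1 << 244                      # 12 leading zero bits: about 1 hash in 4096
    # nonce_bits=8 shrinks the header nonce field so the extra nonce usually has to roll.
    extra, nonce, h, rebuilds = mine(prev, txs, target, nonce_bits=8)
    print(f"extra_nonce={extra} nonce={nonce} merkle_rebuilds={rebuilds}")
    print(f"hash={h:064x}")
    assert block_hash(prev, txs, extra, nonce) == h
```

The `merkle_rebuilds` count is the number of times the expensive path was taken; every other attempt only rehashed the header.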
Segment 5.2 (Mining Hardware) :
- SHA-256 is a general purpose cryptographic hash function that’s part of a bigger family of functions that was standardized in 2001. SHA-256 was a good choice as this was the strongest cryptographic hash function available at the time when Bitcoin was designed. It is possible that it will become less secure over the lifetime of Bitcoin, but for now it remains secure.
- SHA-256 maintains 256 bits of state. The state is split into eight 32-bit words, which makes it very optimized for 32-bit hardware, and in each round some bitwise tweaks are applied to some of those words. Then a number of words in the state are taken — some with these tweaks applied — and added together mod 32. The result of all of these additions is wired over to the first word of the state and the entire state shifts over. This is just one round of the SHA-256 compression function, and a complete computation of SHA-256 does this for 80 iterations.
- The first generation of mining was all done on general purpose computers. In fact, CPU mining was as simple as running some code. That is, miners simply searched over nonces in a linear fashion, computed SHA 256 in software and checked if the result was a valid block.
- If you’re mining on a general purpose PC today it’s going to take you about 300,000 years on average to find a block. CPU mining is no longer profitable with the current difficulty.
- GPUs are designed to have high throughput, and also high parallelism, both of which are very useful for Bitcoin mining. Mining with graphics cards has some nice properties: they’re easily available, and they’re easy for amateurs to set up. They also have the property that you can drive many graphics cards from one motherboard and CPU.
- Most graphics cards can also be overclocked so you can run them faster than they’re actually designed for, if you want to take on the risk. And with Bitcoin mining, it might be a good idea to run the chip much faster than it was designed for even if you introduce some errors in the process. If an invalid solution is erroneously declared valid by the graphics card you can always double-check it on your CPU. On the other hand, if a valid solution is erroneously missed, you’d never know. But if your speed increase from overclocking can overcome the decrease in output due to errors, you’d still come out ahead. There’s a term called goodput that measures this, which is simply the product of throughput and success rate.
- Disadvantages of GPU mining: GPUs have a lot of hardware built into them for doing video that doesn’t get used by miners. Specifically, they have floating point units that aren’t used at all in SHA-256. GPUs also don’t have the greatest cooling characteristics when you put a lot of them next to one another. GPUs can also have a fairly large power draw, so a lot of electricity is being used relative to a computer. Another disadvantage initially was that you had to either build your own board or buy expensive boards to house multiple graphics cards.
- On a really high-end graphics card with aggressive tuning you might get as high as 200 MH/s, but even if you used one hundred GPUs together, it would still take you over 300 years on average to find a block at the early-2015 difficulty level. Due to this lack of performance, GPU mining is basically dead.
- Around 2011 some miners started to use FPGAs or Field Programmable Gate Arrays. That’s around the same time that the first implementation of Bitcoin mining came out in Verilog, a hardware design language that’s used to program FPGAs.
- FPGAs offer better performance than graphics cards, particularly on some of the “bit fiddling” operations. These are easy to specify on an FPGA, and cooling is also easier with FPGAs. You’re also wasting less of the card than you would with a graphics card.
- If you were using an FPGA, you might get up to a GH/s, or one billion hashes per second, but even if you had a hundred boards together, it would still take you about 50 years on average to find a Bitcoin block at the early-2015 difficulty level.
- Even though FPGAs improved performance, the cost-per-performance was only marginally improved over GPUs. FPGA mining was a rather short-lived phenomenon. Whereas GPU mining dominated for about a year or so, the days of FPGA mining were far more limited — lasting only a few months.
- Mining today is dominated by Bitcoin ASICs, or application-specific integrated circuits. These are chips that were designed, built, and optimized for the sole purpose of mining Bitcoins. There are a few big vendors that sell these to consumers.
- Up until 2014, the lifetime of ASICs has been quite short due to the rapidly increasing network hash rate, and thus shipping speed is crucial. Most boards in the ASIC era have been effectively obsolete in about six months. Furthermore, the bulk of the profits are made up front. Often, miners will make half of the expected profits for the lifetime of the ASIC during just the first six weeks. Due to the immaturity of the industry, consumers have often experienced shipping delays, with boards often obsolete by the time they reach the customer.
- The economics of mining haven’t been favorable to the small miner. In fact, in most cases people who have placed orders for mining hardware should have lost money based on the calculation that they made at the time. Until 2013, the price of Bitcoin rose a lot, and this saved most of those customers from losing money.
Today : Professional mining:
- Today mining has mostly moved away from individuals and toward professional mining centers.
- When determining where to set up a mining center, the three biggest considerations are: climate, cost of electricity, and network position.
Segment 5.3 (Energy consumption & ecology) :
- There’s a physical law known as Landauer’s principle, developed by Ralph Landauer in the 1960s, that states that any non-reversible computation must use a minimum amount of energy. The high-level idea is that every time you flip one bit in a non-reversible way there’s a minimum amount of joules that you have to use.
So why does Bitcoin mining require energy? :
- Embodied energy: Bitcoin mining equipment needs to be manufactured. This requires physical mining of raw materials as well as turning these raw materials into a Bitcoin mining ASIC, both of which require energy. Hopefully, over time the embodied energy will go down. As fewer people are going out to buy new mining ASICs, they’re going to be obsoleted less quickly.
- Electricity: When your ASIC is powered on and mining, it consumes electricity. This is the step that we know has to consume energy due to Landauer’s principle. As mining rigs get more efficient, the electrical energy cost will go down.
- Cooling: If you’re operating in a very cold climate your cooling cost might be very low, but in most climates you’re going to have to pay extra to cool off your equipment from all of the waste heat that it is generating. Cooling actually costs more the larger your scale is.
Estimating energy usage: How much energy is the entire Bitcoin system using? :
- Top down approach: We start with the simple fact that every time a block is found today, 25 bitcoins of rewards, or about 6,500 dollars, are given to the miners. That’s about 11 dollars every second. Now let’s ask this question: if the miners are turning all of those 11 dollars per second into electricity, how much can they get? We’ll estimate that electricity costs around 10 cents per kilowatt-hour (kWh), or equivalently 3 cents per megajoule (MJ). If Bitcoin miners were spending all 11 dollars per second of earnings buying electricity, they could purchase 367 megajoules per second, or 367 megawatts (MW).
- Bottom up approach: We look at the number of hashes the miners are actually computing, which we know by observing the difficulty of each block. We then assume that all miners are using the most efficient hardware. Currently, the best claimed efficiency figure amongst commercially available mining rigs is about 3 GH/s/W. That is, they can do three billion block hashes per second while consuming 1 watt of power. The total network hashrate is about 350,000,000 GH/s. Multiplying these two together, we see that it takes about 117 MW to produce that many hashes per second at that efficiency.
- According to our estimates then, the whole Bitcoin network is consuming maybe 10% of a large power plant’s worth of electricity. Although this is not an insignificant amount of power, it’s not yet a large amount of electricity compared to all the other things that people are using electricity for on the planet.
- We can ask if there’s a way to do better. One idea is to capture the heat generated from Bitcoin mining and do something useful with it instead of just heating up the atmosphere. This is called the data furnaces model. The concept is that instead of buying a traditional electric heater to heat your home, or to heat water in your home, you’d buy a Bitcoin mining rig that you would plug in both to your electricity outlet and also to your Internet connection. Your heater would mine bitcoins and generate heat as a byproduct of that computation.
- There are a few things about this model that aren’t ideal. Although it’s about as efficient as using an electric heater, electric heaters are themselves much less efficient than gas heaters. Besides, what happens when everybody turns off their Bitcoin mining rig in the summer? Will mining hash power go down seasonally based on how much heat people need? The question of ownership is also not clear. If you buy a Bitcoin data furnace, do you own the Bitcoin mining rewards that you get, or does the company that sold them to you?
Segment 5.4 (Energy consumption & ecology) :
- If we look at the distribution of how many blocks you’re likely to find in the first year using a new 6,000-dollar Bitcoin mining rig, the variance is pretty high and the expected number of blocks that you’ll find is quite low. There’s a greater than 40% chance that you won’t find any blocks within the first year. For an individual miner, this can be devastating. You spent thousands of dollars on the miner, paid lots in electricity to run it, and received nothing in return. There’s a roughly 36% chance that you’ll find one block within the first year, which means maybe you’re barely scraping by, provided your electricity costs weren’t too high. Finally, there’s a smaller chance that you’ll find two or more blocks, in which case you could make a nice profit.
Mining pools :
- A mining pool is a mutual insurance for Bitcoin miners. A group of miners will get together, form a pool, and they will all attempt to mine a block with a designated coinbase recipient. That recipient is going to be called the pool manager. So, no matter who actually finds the block, the pool manager will receive the rewards. The pool manager will take that revenue and distribute it to all the participants in the pool based on how much work each participant actually output. Of course, the pool manager will also probably take some kind of cut for their service of managing the pool.
- How does a pool manager know how much work each member of the pool is actually performing, and divide the revenue commensurately? Miners prove realistically how much work they’re doing by outputting shares, or near-valid blocks. Say the target is a number beginning with 67 zeros. The hash must be lower than the target for the block to be valid. In the process of searching for such a block, miners will find blocks with hashes beginning with a lot of zeros, but not quite 67. Miners can show these nearly valid blocks to prove that they are indeed working. A share might require say 40 or 50 zeros, depending on the type of miners the pool is geared for.
- Periodically the pool manager will collect transactions and assemble them into a block. The manager will include his or her own address in the coinbase transaction, and send the block to all of the participants in the pool. All pool participants work on this block, and they prove that they’ve been working on it by sending in shares. When a member of the pool finds a valid block, he sends it to the pool manager who distributes the reward in proportion to the amount of work done. The miner who actually finds the block is not awarded a special bonus, so if another miner did more work than this miner, that other miner will be paid more.
There are a few options for how exactly the pool manager calculates how much to pay each miner based on the shares they submit :
- Pay-per-share: the pool manager pays a flat fee for every share above a certain difficulty for the block that the pool is working on. In this model, miners can send their shares to the pool manager right away and get paid without depending on the pool to find a block. In some ways, the pay-per-share model is the best for miners. They are guaranteed a certain amount of money every time they find a share. The pool manager essentially absorbs all of the risk since he must pay rewards even if a block is not found. Of course, as a result of the increased risk, the pool manager will charge higher fees as compared with other models. One problem with the pay-per-share model is that miners don’t actually have any incentive to send valid blocks to the pool manager. That is, they can discard valid blocks, and they will still be paid the same rewards.
- Proportional: Instead of paying a flat fee per share, the amount paid per share depends on whether or not the pool actually found a valid block. So every time a valid block is found, the rewards from that block are distributed to the members in proportion to how much work they actually did. Proportional payouts provide lower risk for the pool manager. Proportional mining also gets around the problem that we mentioned with the pay-per-share model. Miners are incentivized to send in the valid blocks that they find because that triggers revenue coming back to them.
- There are many protocols for how to run mining pools, and it has even been suggested that these mining pool protocols should be standardized as part of Bitcoin itself. These protocols are a communication API for the pool manager to send all of the members the details of the block to work on, and for the miners to send back to the pool manager the shares that they’re finding. Some mining hardware actually supports these protocols at the hardware level.
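The share accounting and the two payout models described above, as an added example that is not part of the course material. The `Pool` class, the 4-byte nonce appended to a constructed template, the duplicate-share check and the small zero-bit thresholds (6 for a share, 16 for a block instead of 40 to 50 and 67) are assumptions that keep the run short.

```python
import hashlib
from collections import Counter

REWARD_SAT = 25 * 100_000_000   # 25 BTC block reward from the text, in satoshis

def leading_zero_bits(data: bytes) -> int:
    h = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return 256 - int.from_bytes(h, "big").bit_length()

class Pool:
    def __init__(self, template: bytes, share_zeros: int, block_zeros: int):
        self.template = template      # block prefix whose coinbase pays the manager
        self.share_zeros = share_zeros
        self.block_zeros = block_zeros
        self.shares = Counter()
        self.seen = set()

    def submit(self, miner: str, nonce: int) -> str:
        """Manager-side check: recompute the hash, never trust the miner's claim."""
        if nonce in self.seen:
            return "duplicate"        # the same work must not be credited twice
        # Hashing the manager's own template binds the share to the pool's coinbase.
        zeros = leading_zero_bits(self.template + nonce.to_bytes(4, "little"))
        if zeros < self.share_zeros:
            return "reject"
        self.seen.add(nonce)
        self.shares[miner] += 1
        return "block" if zeros >= self.block_zeros else "share"

def work(pool, miner, start, tries):
    """A miner grinds its own nonce range and submits what meets the share threshold."""
    results = []
    for nonce in range(start, start + tries):
        data = pool.template + nonce.to_bytes(4, "little")
        if leading_zero_bits(data) >= pool.share_zeros:
            results.append(pool.submit(miner, nonce))
    return results

def pay_per_share(shares, rate_sat):
    """Flat fee per share, owed whether or not any submission was a valid block."""
    return {m: n * rate_sat for m, n in shares.items()}

def proportional(shares, reward_sat, fee_pct):
    """Split one found block's reward by share count; fee and rounding dust stay with the manager."""
    total = sum(shares.values())
    if total == 0:
        return {}, reward_sat
    pot = reward_sat * (100 - fee_pct) // 100
    payout = {m: pot * n // total for m, n in shares.items()}
    return payout, reward_sat - sum(payout.values())

if __name__ == "__main__":
    pool = Pool(b"constructed-template|coinbase-pays-manager|", share_zeros=6, block_zeros=16)
    work(pool, "alice", 0, 6000)            # alice tries three times as many nonces as bob
    work(pool, "bob", 1_000_000, 2000)
    print("shares:", dict(pool.shares))
    print("pay-per-share:", pay_per_share(pool.shares, 10_000))
    print("proportional:", proportional(pool.shares, REWARD_SAT, fee_pct=2))
```

Share counts track the number of nonces each miner tried, which is why they work as a measure of effort even though almost none of the shares is a valid block.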
51% mining pools:
- As of early 2015, the vast majority of all miners are mining through pools. Very few miners mine on their own anymore. In June 2014, Ghash.io, the largest mining pool, got so big that it actually had over 50% of the entire capacity of the Bitcoin network. By August, Ghash had gone down a little bit, partly by design. Still, two mining pools controlled about half of the power in the network.
Are mining pools a good thing? :
- The advantages of mining pools are that they make mining much more predictable for the participants and they make it easier for smaller miners to get involved in the game. Another advantage is that since there’s one central pool manager who is sitting on the network and assembling blocks, it is easier to upgrade the network. Upgrading the software that the mining pool manager is running effectively updates the software that all the pool members are running.
- The main disadvantage of mining pools, of course, is that they lead to centralization. Another disadvantage of mining pools is that they lower the population of people actually running a fully validating Bitcoin node. Previously all miners, no matter how small, had to run their own fully validating node. They all had to store the entire block chain and validate every transaction. Now, most miners offload that task to their pool manager, and this is one reason why the number of fully validating nodes may actually be going down in the Bitcoin network.
Segment 5.5 (Mining incentives and strategies) :
There are some interesting strategic considerations that every miner has to make before they pick which blocks to work on:
- Miners get to choose which transactions they want to include in a block. The default strategy is to include any transaction that includes higher than some minimum transaction fee.
- Miners also get to decide on top of which block they want to mine. The default behavior for this decision is to extend the longest valid chain.
- If two different blocks are mined and announced at around the same time, it results in a 1-block fork, with either block admissible under the longest valid chain policy. Miners then have to decide which block to extend. The default behavior is to build on top of the block that they heard about first.
- When they find a block, miners have to decide when to announce this to the Bitcoin network. The default behavior is to announce it immediately, but they can choose to wait some time before announcing it.
- But depending on the fraction of mining power controlled by a miner, it may be possible that a non-default strategy is more profitable. In the following discussion, we’ll assume there’s a deviant miner who controls some fraction of mining power which we’ll denote by α:
- The obvious way to profit from this attack is to perform a double spend. The miner sends some money to a victim, Bob, in payment for some good or service. Bob waits and sees that the transaction paying him has indeed been included in the block chain. Convinced that he has been paid, Bob ships the good. The miner now goes ahead and begins working on an earlier block — before the block that contains the transaction to Bob. In this forked chain, the miner inserts an alternate transaction — or a double spend — of the coins paid to Bob back to the miner’s own address.
- When the miner initially goes back and works on an earlier point in the chain, the attack doesn’t immediately succeed since the forked chain is not the longest chain. However, if the miner has a majority of the hash power — that is, if α > 0.5 — the alternate chain will eventually become the longest chain, and hence the valid block chain. Once this occurs, the transaction paying Bob no longer exists on the consensus block chain.
- The attack is detectable, and it’s possible that the community would decide to reverse the attack by refusing to accept the alternate chain even though it is longer. Moreover, if a miner carried out such an attack, people might lose confidence in the system and refrain from buying bitcoins, causing the exchange rate to fall. For these reasons, the most likely motivation for a forking attack is to destroy the currency by a dramatic loss of confidence. This has been referred to as a Goldfinger attack.
Forking attack via bribery:
- Whereas it would be really expensive to buy enough mining capacity to have more than everybody else in the world, it might be possible to bribe the people who do control all that capacity to work on your behalf. There are a few ways that you could bribe miners. One way is to do this “out of band” — perhaps locate some large miners and hand them an envelope of cash for working on your chain. A more clever technique is to declare yourself to be a new mining pool and run it at a loss. You could offer greater incentives than other pools and cause many miners to join your pool. Even though the incentives you offer will not be sustainable, you may be able to keep them going for long enough to successfully launch a forking attack and perhaps profit. A third technique for bribing is to leave big tips in your forking blocks — big enough to cause miners to leave the longest chain and work on your chain in hopes that it will become the longest chain and they will collect the tip.
- Say that you just found a block. The default behavior is to immediately announce it to the network, but if you’re carrying out a block-withholding attack, you do not announce it right away. Instead you try to get ahead by doing some more mining on top of this block in hopes of finding two blocks in a row before the rest of the network finds even one. If you’re ahead of the public block chain by two blocks, all of the mining effort of the rest of the network will be wasted. Other miners will mine on top of what they think is the longest chain, but as soon as they find a valid block, you can announce the two blocks that you were withholding. That would instantly be the new longest valid chain and the block that the rest of the network worked so hard to find would immediately be orphaned. This is known as selfish mining. By wasting some of the hash power of the rest of the network, you hope to increase your effective share of mining rewards.
- The problem is that you need to get lucky to find two blocks in a row. Chances are that someone else in the network announces a valid block when you’re only one block ahead. If this happens, you’ll want to immediately announce your secret block yourself. This creates a 1-block fork and every miner will need to make a decision about which of those blocks to mine on. Your hope is that a large fraction of other miners will hear about your block first and decide to work on it.
Blacklisting and punitive forking:
- Say a miner wants to blacklist transactions from address X. In other words, they want to freeze the money held by that address, making it unspendable. Perhaps you intend to profit off of this by some sort of ransom, demanding that the person you’re blacklisting pay you in order to be taken off of your blacklist. If you’re a miner trying to blacklist, you could try something stronger: you could announce that you’ll refuse to work on a chain containing a transaction originating from this address. This is quite an extreme strategy, because if you have less than the majority of the network hash power you’ll refuse to mine on any chain that has certain transactions; if such a chain does come into existence and is accepted by the rest of the network as the longest chain, you will have cut yourself off from the consensus chain forever, and all of the mining that you’re doing is essentially wasted.
- Instead of announcing that you’re going to fork forever as soon as you see a transaction originating from address X, you announce that you’re going to fork if you see a block that has a transaction from address X, but that you will give up after a while: typically, after one or two blocks confirm the transaction from address X, you’ll go back to the longest chain.
- If you give up after one confirmation, your chance of orphaning the block with the transaction from X is α². The reason for this is that you’ll have to find two consecutive blocks to get rid of the block with the transaction from address X before the rest of the network finds a block. A chance of α² might not seem very good. If you control 20% of the hash power, there’s only a 4% chance of actually getting rid of that transaction that you don’t want to see in the block chain. But you might motivate other miners to join you. Other miners know that if they include a transaction from address X, they have an α² chance that the block that they find will end up being orphaned because of your feather-forking attack.
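The α² figure above can be checked, and extended to the "give up after two confirmations" case the text mentions, by treating the fork as a race between two chains. This is an added example, not from the course; it assumes the forker mines alone with hash-power fraction α, ties do not count as a win, and "k confirmations" means k blocks found by the rest of the network after the block containing X's transaction.

```python
import random
from fractions import Fraction
from functools import lru_cache

def orphan_probability(alpha, give_up_after):
    """Exact chance that the fork overtakes the public chain before the forker gives up."""
    alpha = Fraction(alpha)
    beta = 1 - alpha                          # hash power of the rest of the network

    @lru_cache(maxsize=None)
    def win(fork_len, confirmations):
        public_len = 1 + confirmations        # block with X's transaction, plus confirmations
        if fork_len > public_len:
            return Fraction(1)                # fork is strictly longer: the block is orphaned
        if confirmations == give_up_after:
            return Fraction(0)                # forker returns to the longest chain
        return (alpha * win(fork_len + 1, confirmations)
                + beta * win(fork_len, confirmations + 1))

    return win(0, 0)

def simulate(alpha, give_up_after, trials, seed=0):
    """Monte Carlo cross-check of the recursion, with a fixed seed for repeatability."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        fork_len, confirmations = 0, 0
        while fork_len <= 1 + confirmations and confirmations < give_up_after:
            if rng.random() < alpha:
                fork_len += 1                 # forker finds the next block
            else:
                confirmations += 1            # rest of the network finds it
        wins += fork_len > 1 + confirmations
    return wins / trials

if __name__ == "__main__":
    a = Fraction(1, 5)                        # the 20% miner from the text
    for k in (1, 2, 3):
        exact = orphan_probability(a, k)
        print(f"give up after {k}: exact={exact} ({float(exact):.4f}), "
              f"simulated={simulate(0.2, k, 100_000):.4f}")
```

For k = 1 the recursion reduces to α², and for k = 2 it gives α² + 2α³(1 − α), so waiting one more block raises the 20% miner's chance only from 4% to about 5.3%.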
Transitioning to mining rewards dominated by transaction fees:
- As of 2015, block rewards provide the vast majority of all the revenue that miners are making. But every four years the block reward is cut in half, and eventually the block reward will be low enough that transaction fees are going to be the main source of revenue for miners.